Old versions never die

Suddenly a user will appear out of the blue and report problems or have a question and it gets revealed that said user has a version of your software installed that you thought were long forgotten and extinct.
Open Source versions once released find their ways to some places that just then obviously never again upgrade. But surely, if it works why fix it?
The downside for these users is of course that they then have not gotten any of the security upgrades you have been shipping the last decade.
Often, slow-moving (or stuck) Linux distributions are blamed for this. "I am forced to use Linux Y with version Z so I have to use your software version X".